Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

aes encrypt/decrypt ini file to stream

677 views
Skip to first unread message

Eric

unread,
Feb 5, 2007, 10:26:08 AM2/5/07
to

I have been tasked to encrypt our current implementation of
configuration files with AES.

I would like to be read the encrypted files into a memory stream
and use the standard inifile access methods. Finally, I would like
to be able to encrypt the memory stream back to a file.

Any pointers on where to start or what part of the above has
already been implemented?

Thanks,

EriC

Marius Andresen

unread,
Feb 5, 2007, 11:20:21 AM2/5/07
to
Have a look at http://www.cityinthesky.co.uk/cryptography.html for a
crypto package

Marius

Peter Below (TeamB)

unread,
Feb 5, 2007, 1:52:52 PM2/5/07
to
Eric wrote:

You only need to deal with the encryption/decryption part, e.g. using
TurboPowers LockBox (on sourceforge.net). Once you have the decrypted
content in a TMemoryStream you can load it into a TStringlist instance
via LoadFromStream, and the use that with the SetStrings method of a
TMemInifile object to get INI-style access to the data. The way back
uses the GetStrings method of TMemInifile and the SaveToStream method
of the stringlist.

--
Peter Below (TeamB)
Don't be a vampire (http://slash7.com/pages/vampires),
use the newsgroup archives :
http://www.tamaracka.com/search.htm
http://groups.google.com
http://www.prolix.be

Eric

unread,
Feb 7, 2007, 8:43:12 AM2/7/07
to

>
>You only need to deal with the encryption/decryption part, e.g. using
>TurboPowers LockBox (on sourceforge.net). Once you have the decrypted
>content in a TMemoryStream you can load it into a TStringlist instance
>via LoadFromStream, and the use that with the SetStrings method of a
>TMemInifile object to get INI-style access to the data. The way back
>uses the GetStrings method of TMemInifile and the SaveToStream method
>of the stringlist.
>
>
Thanks Peter. This works perfectly.

(for other who want to do this: I did have to slightly modify the
.inc files in the turbopowers package to get it to compile under
BDS 2006)

-Eric

Eric

unread,
Feb 19, 2007, 4:13:12 PM2/19/07
to

Peter,

Although the lock box solution does allow me to encrypt/decrypt
between delphi apps that use the lockbox, the lockbox AES encryption does not seem to be compatible with the windows
CryptoAPI. (Which is a requirement that I did not mention
originally.)

The incompatibility appears when I attempt to decode data under
lockbox that was encrypted with the cryptoAPI and also when I try
to decrypt data under the cryptoAPI that was encrypted with the
lockbox. In both directions, the first 16 bytes are successfully
decrypted but then the decryption fails.

Are you aware of any similar (and free) tools for delphi that are compatible with the cryptoAPI?

Or might you have suggestions on how to resolve this with the
existing tool?

Thanks,
-Eric

Wolfgang Ehrhardt

unread,
Feb 20, 2007, 1:31:34 PM2/20/07
to

If you get deviation after 16 bytes this is most probably caused by
Lockbox' braindamaged IV handling:

As I wrote nearly three years ago in the BASM group

<quote>
Forget Lockbox for FastCode or serious applications:

There no way to set an explicit IV, it uses pseudo random IVs!!!! It
is incredible slow, has few modes, buffer encryption based on streams
etc ...
</quote>

AES Fastcode is no help for you, as they are interested in ECB mode
only and do not implement other "Recommendation for Block Cipher Modes
of Operation". If you are willing to code your stream related code
from buffer based code, you may have a look at my AES open source from
<http://home.netsurf.de/wolfgang.ehrhardt/crypt_en.html#AES>


Wolfgang
--
In order to e-mail me a reply to this message, you will have
to remove PLEASE.REMOVE from the address shown in the header
or get it from http://home.netsurf.de/wolfgang.ehrhardt
(Free AES, CRC, Hash, and HMAC source for Pascal/Delphi)

Peter Below (TeamB)

unread,
Feb 20, 2007, 2:01:50 PM2/20/07
to
Eric wrote:

> Although the lock box solution does allow me to encrypt/decrypt
> between delphi apps that use the lockbox, the lockbox AES encryption
> does not seem to be compatible with the windows CryptoAPI. (Which is
> a requirement that I did not mention originally.)

Yes, this incompatibility has been mentioned before, if memory serves.
The lockbox methods also fail with the standard test cases for this
encryption, as far as I know, so there is something not quite OK with
them.

> Are you aware of any similar (and free) tools for delphi that are
> compatible with the cryptoAPI?

Well, you could use the cryptoAPI yourself <g>. Never looked at that
myself, though. For my purposes it was just important that the methods
could successfully decrypt what they had encrypted before.

Perhaps you can find something among these URLs:

http://www.csd.net/~daves/delphi
http://www.scramdisk.clara.net/
http://www.fichtner.net/delphi/md5.delphi.phtml
http://fastcode.sourceforge.net/challenge_content/AES.html
http://home.netsurf.de/wolfgang.ehrhardt/crypt_en.html (AES-128))
http://www.streamsec.com/ (commercial)

nt8j...@sneakemail.com

unread,
Feb 21, 2007, 8:23:38 AM2/21/07
to

> Well, you could use the cryptoAPI yourself <g>. Never looked at that
> myself, though. For my purposes it was just important that the methods
> could successfully decrypt what they had encrypted before.
>
> Perhaps you can find something among these URLs:
>
Peter,

I am looking at the solution Wolfgang and yourself pointed out.
However, I am intrigued at the prospect of use the cryptoAPI
directly. I could not find any built in support for this so how can I
access these APIs from delphi?

THanks,
-Eric

0 new messages